shadowbyt3$
Ransomware group profile
Victims: 2
Impact score: 58
Description
ShadowByt3$ is a financially motivated ransomware group that first emerged in October 2025. The group employs a double extortion model, encrypting victim data while also exfiltrating sensitive information and threatening to release it publicly if ransom demands are not met.
Key insights
- Operates using a double extortion ransomware model, encrypting and exfiltrating data.
- Primarily targets financial gain through coercive tactics involving public data release threats.
- Specific initial access methods are unclear, but common vulnerabilities include weak credentials.
- Threats to release stolen data heighten pressure on victims to comply with ransom demands.
- The group's operations reflect evolving trends in ransomware tactics, including targeting sectors such as education and healthcare.
Threat Level & Status Breakdown
For shadowbyt3$ · Based on incidents in selected period
Threat level: 4.5
Data Leaked: 17.6% (6)
Negotiating: 2.9% (1)
First seen: Feb 2026
Last seen: Apr 2026
Avg ransom: —
Payment rate: —
Status: active
Sophistication: 0
Last updated: Jun 18, 2026
Recent activity
Monthly attack count for shadowbyt3$ in the selected period
Total attacks: 2
Peak: 1 in Feb
Avg / month: 1
No intelligence data for this group.
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for shadowbyt3$
Other
T1486
T1490
T1078
T1059
T1562
T1021
T1046
T1547
T1021.001
T1035
Victims (36)
| Company | Domain | Country | Industry | Status | Discovered |
|---|---|---|---|---|---|
| TINYpulse NINTENDO BREACH | nintendo.com | JP Japan | Technology | Data Leaked | 4 days ago |
| TinyPulse Nintendo (Nintendo.com) nintendo_file_tree.txt | nintendo.com | JP Japan | Technology | Data Leaked | 6 days ago |
| Nintendo Company | nintendo.com | JP Japan | Technology | Data Leaked | 7 days ago |
| Lead Company (Leadership Boulevard) | — | IN India | Professional Services | Unknown | 17 days ago |
| Cropwise (Syngenta Group) | — | CH Switzerland | Other | Data Leaked | 18 days ago |
| BreachForums is Back | breachforu.ms | US United States | Technology | Data Leaked | 19 days ago |
| StarBucks Company (StarBucks.com | — | US United States | Hospitality | Negotiating | 30 days ago |
| Ellucian PowerCampus Warning (Contact Us) | ellucian.com | US United States | Education | Data Leaked | about 1 month ago |
| Stride Learning | stridelearning.com | US United States | Education | Unknown | about 2 months ago |
| Amplify Technology | amplifytechnology.co.uk | GB United Kingdom | Technology | Unknown | 2 months ago |
| University_Of_Georgia | — | US United States | Education | Unknown | 2 months ago |
| Hotelogix | hotelogix.com | US United States | Hospitality | Unknown | 2 months ago |
| PowerCampus | powercampus.in | IN India | Education | Unknown | about 1 month ago |
| ⬅ BACK | — | — | — | Claimed | about 2 months ago |
| Eric J Taylor Doxx | — | — | — | Unknown | about 2 months ago |
| Stride Learning Full Breach | stridelearning.com | US United States | Education | Unknown | about 2 months ago |
| Ellucian PowerCampus Sample | ellucian.com | US United States | Education | Unknown | 2 months ago |
| Ellucian PowerCampus | ellucian.com | US United States | Education | Unknown | 2 months ago |
| Stride Learning Parent Company | stridelearning.com | US United States | Education | Unknown | 2 months ago |
| UMSA Argentina | — | AR Argentina | — | Unknown | 2 months ago |
Affected countries (11)
Countries where this group has been reported to target or leak victims.